What information ADF collects.
Lawful basis for collecting information.
How ADF uses the information.
How ADF communicates with data subjects.
With whom ADF may share personal data.
What choices are available to data subjects.
What types of security procedures are in place to protect against the loss, misuse, or alteration of personal data under ADF control.
How data subjects can correct, access, or limit their personal data under ADF control.
Under GDPR, a data subject is an identified or identifiable natural person; personal data is any information relating to a data subject.
Individuals with questions or concerns regarding this statement may email corporatecounsel@ADFinternational.org.
- Information Collection
ADF collects personal data at several different points on our websites as well as from other sources.
In order to fully access portions of ADF websites related to training, a user must first complete a registration form. During registration and the subsequent application process, a user is required to give personal data relating to qualifications for the training as well as contact information.
ADF also collects data subject contact information when users request information or services or sign up for newsletters.
Users must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date) to make an online donation. Online gifts to ADF International will be processed by Stripe Payments Europe, Ltd. (hereinafter “Stripe”) and will be deposited in the UK bank account of ADF International (UK). ADF International will allocate the funds to the location (country or region), program, or project where they are most urgently needed. Donors who wish to donate to a specific ADF International location, program, or project may call +44 800 197 3435.
Stripe is an Irish entity regulated by European law, including the data privacy laws. It will provide some or all of its processing services from systems located within the United States or other countries outside of the United Kingdom. When Stripe transfers personal data to its affiliate, Stripe, Inc. in the US, it employs the European Commission’s Standard Contractual Clauses (“Model Clauses”) to allow for the lawful transfer of such data.
Donors may call ADF UK at +44 800 197 3435 with questions or concerns about a gift.
A cookie is a piece of data stored on a user’s computer tied to information about the use of a website. We use both session ID cookies and persistent cookies. A session ID cookie is a temporary file that remains on users’ computers during a site visit, but expires when users close their browsers. A persistent cookie is a small text file stored on a user’s hard drive for an extended period of time. By allowing a persistent cookie for our site, a user will not have to re-type a username more than once, thereby saving time while on our sites. Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site. See the “Profile” section. Persistent cookies can be removed by following internet browser help file directions.
Like most standard website servers, we use log files. This may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use.
Clear Gifs (Web Beacons/Web Bugs)
We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. The main difference between the two is that clear gifs reside on the website and are triggered by a user’s visit, while cookies reside on the visitor’s computer.
Clear Gifs can “work with” existing cookies on a computer if they are both from the same website or organization. That means, for example, that if a person visited “www.companyX.com”, which uses an advertising company’s clear gif, the website (or advertising company) would match the clear gif’s identifier and the advertising company’s cookie ID number, to show the past online behavior for that computer. This collected information would then be given to the advertising company (or website). This website does not use other organizations’ clear gifs.
We also use clear gifs in our HTML-based emails to let us know which emails have been opened by the recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. Users who have signed up for emails and would like to opt-out of them may do so through the Opt-out section.
We collect information from direct contact with data subjects at ADF events, responses to direct mail, telephone calls from persons wanting information, legal assistance, or to make donations, and other voluntary sources.
Information Manifestly Made Public
Because of our legal advocacy work, we collect data on public figures such as Members of Parliament and other public officials. We collect this information from public sources.
Sensitive Personal Information
We unavoidably collect some sensitive data about certain persons, and other sensitive information may be inferred about persons who participate in or support our work. We do not disclose such information outside ADF.
2. Lawful Basis
The GDPR requires a lawful basis for collecting and using (“processing”) personal data about persons in Europe. One or more of the following lawful bases justify our collection and use of data:
We will email or call data subjects for marketing or other purposes with their specific consent, but we will not use their consent for an unrelated purpose. Individuals may withdraw consent at any time by clicking the “unsubscribe” button in an email, emailing corporatecounsel@ADFinternational.org, or calling +44 800 197 3435.
ADF has a legitimate interest in the necessary processing of information for many types of data subjects such as donors, clients, employees, contractors, website users, and others. When we rely upon legitimate interest as a basis of processing, we balance the interests of ADF with data subjects’ interests to ensure we are not infringing their rights and freedoms.
All contracts require some level of processing personal data whether it be a contact person at a vendor, an individual contractor, or an employee. Processing justified by contract is limited to fulfilling our objectives in relation to the contract.
We have a legal obligation to process certain employee data relating to taxes, social security, and other legal obligations associated with a person’s employment.
3. Information Use
We will not use personal data for purposes other than those to which the person has consented. We will not sell or otherwise share donor or other personal data with non-ADF affiliated/contract organizations, nor will we send donor mailings on behalf of other organizations. We will not authorize the use of personal data by any outside third party for any form of fundraising or solicitation.
We have a legitimate interest in using cookies, log files, and clear gifs to enhance the user experience while on our websites. Cookies allow us to track traffic patterns, speed up searches, and make it easier for users to find things related to previous visits. We also have a legitimate interest in using donor information to contact donors about their gifts. With data subject consent, we will use their information to keep them updated on the work of ADF and to seek support. We do not use IP addresses to identify users who have not registered or otherwise provided their contact information.
We use personal data collected during registration and any application process to select attendees, plan their training experience, contact them about an application or event, and maintain a relationship subsequent to the event.
We use personal data related to requests for information, services, or newsletters to contact individuals about the events, information, or services about which they have inquired.
We or our trusted partners use personal data collected in connection with donations for billing purposes, to process donations, or to contact the donor if we have trouble processing a donation. We will not use this information to contact the donor for other purposes absent express consent. Credit card information is deleted after a transaction is complete unless a donor has agreed to recurring gifts.
We may store information that we collect through cookies, log files, and clear gifs to create an online profile of our website users. A profile is stored information that we keep on individual users that details their viewing preferences. Consequently, collected information is tied to the user’s personal data to provide offers and improve the content of the site for the user. This profile is used to tailor a user’s visit to our website and to direct pertinent information to them. A user’s online profile may be shared in aggregate form only.
4. Communications with Data Subjects
Special Offers and Updates
We may send all new website registered users a welcoming email to verify password and username. Established users who consent to do so will occasionally receive information on products, services, urgent issues, and our newsletter. Out of respect for privacy, users may opt to stop receiving these types of communications at any time. Please see the Choice/Opt-out Section.
Our newsletters and marketing communications include updates on our latest projects, victories, and giving opportunities. We will send electronic newsletters or other marketing communications only to those who have expressly requested them or granted permission for such contacts through their preferred channel(s).
If a person wishes to subscribe to our newsletter or other information sources, we ask for contact information, such as name, address, or email address. Subscribers may opt out of these communications at any time. Please see the Choice/Opt-out Section.
It may become necessary to send out a strictly service-related announcement. For instance, if our service is temporarily suspended for maintenance, we might send registered users an email. Generally, registered users may not opt-out of these communications, although they can deactivate their account.
We communicate with data subjects on a regular basis to provide requested services. In regards to issues relating to their account, we reply via email or phone in accordance with the person’s wishes.
Transfer to Third Parties
We do not transfer personal data to third parties absent the data subject’s express consent or a strict legal obligation other than as mentioned in this section. Though we make every effort to preserve data subject privacy, we may need to disclose personal data if we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order, or legal process.
Aggregate Information (not personal data)
We may share aggregated demographic information with others. This is not linked to any personal data.
We may use third-party intermediaries, such as, but not limited to, a letter shop to customize mailings, a shipping company to ship orders, a credit card processing company to process gifts or bill data subjects for goods and services, and a cloud-based system such as Salesforce for customer relationship management. We will make sure that such intermediaries are bound by contractual agreements and do not retain, share, store, or process personal data for any secondary purposes.
We may partner with other third parties to provide specific services. When the individual signs up for these particular services, we may share names or other contact information that is necessary for the third party to provide these services. These third parties are not allowed to process this personal data except for the purpose of providing these services.
In the event ADF goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, data subjects’ personal data will, in most instances, be part of the assets transferred.
6. Data Subject Choices
Our data subjects are given the opportunity to opt-in to receive our newsletters or other information from ADF. Individuals who no longer wish to receive our newsletter and informational communications may opt-out of receiving these communications by contacting Corporatecounsel@ADFinternational.org.
This website contains links to other sites. Please be aware that ADF is not responsible for the privacy practices of such other sites. We encourage our website users to be aware when they leave our site and to read the privacy statements of every website that collects personal data. ADF.uk is the only website to which this privacy statement applies. See Terms & Conditions.
From time to time, our site may request information from users via surveys. Participation in these surveys is completely voluntary, and the user, therefore, has a choice whether to disclose the requested information. Survey information generally will be used for purposes of monitoring or improving the use and satisfaction of this site.
Chat Rooms, Message Boards, and Public Forums
Please keep in mind that whenever users voluntarily disclose personal data online – for example on message boards, through email, or in chat areas – that information can be collected and used by others. In short, by posting personal data online that is publicly accessible, users may receive unsolicited messages from other parties in return.
ADF takes every precaution to protect our data subjects’ information. When data subjects submit sensitive information via the website, we take great effort to ensure their information is protected both online and offline. When our registration/donor form asks for sensitive information (such as a credit card number), that information is encrypted and is protected with the best encryption software we are aware of in the industry – SSL.
While we use SSL encryption to protect sensitive information online, we also aggressively protect personal data offline. We restrict access to personal data on a need-to-know basis to ministry employees, who are subject to discipline or termination for violating confidentiality, and to contractors or agents who are subject to confidentiality agreements. Finally, the servers that store personal data are in a secure environment.
Supplementation of Information
In order for this website to meet user expectations, it may be necessary for us to supplement the information we receive with information from third-party sources.
We may use software to verify a website user’s address to avoid session hijacking, hacking attempts, or other attacks.
Enhancement of Marketing Profile
With donor consent, we may purchase third-party marketing data and add it to our existing constituent database to better target our advertising and provide pertinent information in which we think our donors would be interested. We will use this information to enhance or overlay the “profile” of individuals. This aggregate marketing data is therefore tied to the individual’s personal data. (See also the “Online Profile” section.)
8. Control of Personal data
ADF will retain personal data for as long as a person maintains a relationship with ADF or as long as necessary to fulfil the purposes for which it was collected. If data subjects request that their data be deleted, there may be residual data in back-up files that will not be removed.
Correcting/Updating/Deleting/Deactivating Personal data
If data subjects’ personal data changes (such as zip code, phone, email or postal address), or if they no longer desire our services, they should call 1-800-835-5233 or email firstname.lastname@example.org to update or delete/deactivate their personal data.
Registered individuals may update their profile within the site using “Edit Profile” functionality, call 1-800-835-5233, or email email@example.com.
Right to Know What Personal Data ADF Holds
Data subjects have a right to know what personal data ADF has about them and to receive it in a format that can be transferred to another service. Upon written request, ADF will respond within 30 days to inform a data subject about what personal data ADF possesses, as well as its source (where this is available), whether any personal data is being processed, give a description of the personal data and the reasons it is being processed, or to provide the data in a portable format. ADF may require additional information to satisfy it that the person requesting the information is the individual to whom the data relates or additional information to enable it to locate the data. The information will ordinarily be provided free of charge, but ADF may request payment under some circumstances, such as repeated requests. If ADF requests additional information or payment, the 30-day period for a response does not begin until ADF receives it.
Right to Prevent Direct Marketing or Profiling
Individuals have the right to give written notice to prevent direct marketing. Upon receiving a written notice, ADF will delete personal data from its marketing list except to the extent data is necessary to ensure that the data subject’s preferences are respected in the future. If a marketing campaign is already underway when notice is received, there may be a delay between the time of the notice and the time contacts end.
Individuals also have the right to object to using their information to analyze or predict their personal preferences, behaviours, or attitudes. While ADF will enhance an individual profile only with consent, it will cease such profiling upon receiving a written objection.
Right to Restrict Use
Individuals have a right to restrict the use of their data if it is inaccurate, it was obtained unlawfully, its use is unnecessary, or ADF does not have a legitimate ground for using it. Data subjects also have a right to provide instructions on what is to be done with their data upon their death. Individuals may make a written request to restrict or direct the use of their information.
In the event a person believes their information is being used inappropriately, they may lodge a complaint with the supervisory authority in their country.
To provide a notice, request a change of address, or request information about personal data, an individual may email corporatecounsel@ADFinternational.org or mail a letter to:
ADF UK, 16 Old Queen Street, Westminster, London, SW1H 9HP, is a company limited by guarantee, registered in England and Wales as a charity. Company No. 09923116, Charity no. 1173195.